lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040805152812.26899.qmail@www.securityfocus.com>
Date: 5 Aug 2004 15:28:12 -0000
From: <pmoses@...sics.ucsd.edu>
To: bugtraq@...urityfocus.com
Subject: local denial of Service, Yellowdog linux to 3.0.1




Since they are releasing a new version....

Title: Local Denial of Service/render system unusable YelloDog Linux
Author: Phil Moses pmoses@...sics.ucsd.edu
Date: June 4, 2004
------------------------------------------------
Summary:
Currently it seems that YellowDog is fairly easy to render unuseable, or what could be called launch a "local denial of service" on the operating system by filling the root disk to capacity and doing a "hard" reboot.
                                                                                                               
                                                                                                               
Description:
If the root filesystem is filled to capacity and the machine goes through an improper shutdown and is forced into an fsck, basically all hell breaks loose. It looks to me as if the file /etc/fstab attempts to write itself to a swap file and if the filesystem is full, replaces the original /etc/fstab with a zero sized file. It is possible to mount the root filesystem in rw mode and re-create the fstab file but until this is done, the system is not going to boot.
The YDL machines that I use are desktop machines that I have gathered for users and cannot be put under lock and key, meaning they could be unplugged at any time.
                                                                                                               
Vulnerable Systems:
YDL 3.0.1 , possibly previous versions as well.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ